Detecting malicious packet drops and misroutings using header space analysis

Mohammadi, A. A ; Sharif University of Technology | 2017

  1. Type of Document: Article
  2. DOI: 10.1109/ISTEL.2016.7881876
  3. Publisher: Institute of Electrical and Electronics Engineers Inc., 2017
  4. Abstract:
  5. Software Defined Networking (SDN) provides a logically centralized view of the state of the network, and as a result opens up new ways to manage and monitor networks. In this paper we introduce a novel approach to network intrusion detection in SDNs that takes advantage of these attributes. Our approach can detect compromised routers that produce faulty messages, copy or steal traffic, or maliciously drop certain types of packets. To identify these attacks and the affected switches, we correlate the forwarding state of the network (i.e., the installed forwarding rules) with the forwarding status of packets (i.e., the actual route packets take in the network) and detect anomalies in routes. Thus, our approach turns the network itself into a big intrusion detection system. We have evaluated our approach on topologies from real networks by developing an application on the OpenDaylight SDN controller, and detected simulated dropping and duplicating attacks in these networks. © 2016 IEEE
  6. Keywords:
  7. Drops ; Mercury (metal) ; Packet loss ; Forwarding state ; Intrusion detection systems ; Malicious packets ; Network intrusion detection ; Real networks ; Software defined networking (SDN) ; Space analysis ; Intrusion detection
  8. Source: 8th International Symposium on Telecommunications, IST 2016, 27 September 2016 through 29 September 2016; 2017, Pages 521-526; 9781509034345 (ISBN)
  9. URL: https://ieeexplore.ieee.org/document/7881876